Honeywell Says USB-Borne Malware That Can Cause Major ICS Disruption Is Significantly Increasing


Honeywell reports it has seen a large rise over the past year in USB-borne malware that can threaten industrial control systems (ICS).

This week Honeywell Industrial Cybersecurity released its USB Threat Report for 2020. The report is based on data collected over a 12-month period by the company’s Secure Media Exchange (SMX) USB security platform from oil and gas, energy, chemicals, food, shipping, construction, aerospace, pulp and paper, and manufacturing companies in 60 countries across the Americas, Europe, and Asia.

An analysis of the data showed that at least one threat was blocked by SMX at 45% of industrial sites using the product, up from 44% in the previous report published by the company in 2018.

While only 11 percent of the malware found on USB drives was specifically designed to target industrial systems — this represents a slight drop from the 14 percent identified in 2018 — 59 percent of the detected threats could cause significant disruption to industrial systems, compared to only 26 percent in 2018. On the other hand, the 11 percent becomes 28 percent if consideration is also given to ransomware, which has increasingly targeted operational technology (OT) systems.

These pieces of malware can launch DoS attacks, cause operations management networks to lose visibility, and damage or disrupt key assets, says Honeywell.

Compared to 2018, the company has seen an increase in the percentage of trojans, worms, rootkits and viruses, and a drop in potentially unwanted applications (PUA), non-targeted bots, spyware, adware and hacking tools. Other commercial security solutions did not detect five percent of all threats, Honeywell claimed.

RATs, backdoors, and droppers were the most common threats observed by the company.

“This makes logical sense: a sound strategy for an attacker is to gain a foothold via USB in industrial environments where network access is difficult, and then establish remote access and download new malware,” the company said in its report. “In these otherwise elusive environments, while ransomware can be effective via USB, establishing a persistent backdoor with command and control, more coordinated attacks may be attempted.”

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.